jintrah_FTNT
Staff
Article Id 192243

Description

 
This article describes the commands introduced in FortiOS v5.4 to filter SSL VPN debug output.
 
Scope
 
FortiGate.


Solution

 

diagnose vpn ssl debug-filter ?

clear        Erase the current filter.
list         Display the current filter.
src-addr4    IPv4 source address range.
src-addr6    IPv6 source address range.
vd           Name of virtual domain.
negate       Negate the specified filter parameter.

 
Once the filter has been set, SSL VPN debugs can be enabled. The full sequence, where <X.X.X.X> is the client's IP, is:
 
diag vpn ssl debug-filter src-addr4 <X.X.X.X>
diag debug application sslvpn -1
diag debug enable
 

To disable debugs:

 

diag debug disable

diag debug reset

 

Note:

<X.X.X.X> should be the public IP of the connecting user. The filter ensures that only debug information for traffic from the specified IP address is captured, which helps focus troubleshooting on a specific client.